
Vulnerability Detail

Apple Mac OS X QuickDraw Manager PICT buffer overflow vulnerability

Date Discovered:
22 Sep 2005

Date Published:
23 Sep 2005

Last Updated:
23 Sep 2005

Threat Assessment

Overall Risk: Medium
Popularity: Medium
Impact: High
Simplicity: Low

Characteristics

Vulnerability ID:  33420
Discovered By:  Henrik Dalgaard

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  Remote attackers can execute arbitrary code.

Root Cause:  Software Vulnerability

 

Description

Apple Mac OS X QuickDraw Manager contains a vulnerability that can allow a remote attacker to execute arbitrary code. The vulnerability is due to insufficient bounds checking by the QuickDraw Manager when it processes PICT images. An attacker can use a carefully constructed image to cause a buffer overflow and execute arbitrary code.


Recommendations


Affected Technologies

Apple: Apple Mac OS X Client 10.3.9 PowerPC
Apple: Apple Mac OS X Client 10.4.2 PowerPC
Apple: Apple Mac OS X Server 10.3.9 PowerPC
Apple: Apple Mac OS X Server 10.4.2 PowerPC


References

Apple: 2005-008
Mitre CVE: CAN-2005-2744


CA Global Security Advisor
